Skip to main content

Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices

posted onFebruary 4, 2021
by l33tdawg
Arstechnica
Credit: Arstechnica

In December, Ars reported that as many as 3 million people had been infected by Chrome and Edge browser extensions that stole personal data and redirected users to ad or phishing sites. Now, the researchers who discovered the scam have revealed the lengths the extension developers took to hide their nefarious deeds.

As previously reported, the 28 extensions available in official Google and Microsoft repositories advertised themselves as a way to download pictures, videos, or other content from sites including Facebook, Instagram, Vimeo, and Spotify. Behind the scenes, they also collected user’s birth dates, email addresses, and device information and redirected clicks and search results to malicious sites. Google and Microsoft eventually removed the extensions.

Researchers from Prague-based Avast said on Wednesday that the extension developers employed a novel way to hide malicious traffic sent between infected devices and the command and control servers they connected to. Specifically, the extensions funneled commands into the cache-control headers of traffic that was camouflaged to appear as data related to Google analytics, which websites use to measure visitor interactions.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th